Cody Brocious -- a Mozilla dev and security researcher -- presented a paper on a vulnerability in hotel-door locks last month at Black Hat. Many electronic hotel door-locks made by Onity have a small DC power-port that also supplies data beneath them. Brocious showed that if he plugs an Arduino into these locks, reads out the 24-bit number sitting there, and re-transmits it to them, some appreciable fraction of them (but not all of them) spring open.
Testing a standard Onity lock he ordered online, he’s able to easily bypass the card reader and trigger the opening mechanism every time. But on three Onity locks installed on real hotel doors he and I tested at well-known independent and franchise hotels in New York, results were much more mixed: Only one of the three opened, and even that one only worked on the second try, with Brocious taking a break to tweak his software between tests.
Even with an unreliable method, however, Brocious’s work–and his ability to open one out of the three doors we tested without a key–suggests real flaws in Onity’s security architecture. And Brocious says he plans to release all his research in a paper as well as source code through his website following his talk, potentially enabling others to perfect his methods.
Brocious’s exploit works by spoofing a portable programming device that hotel staff use to control a facility’s locks and set which master keys open which doors. The portable programmer, which plugs into the DC port under the locks, can also open any door, even providing power through that port to trigger the mechanism of a door lock in which the battery has run out.
Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks